Closed GrahamCampbell closed 5 years ago
The problem is that loading the env file then loads your secrets for the entire process to see. This could be a problem if composer is being run within a larger app or long running process, instead of via the cli command.
This change means that the dotenv file is not actually loaded into your environment, and its contents are only locally seen by this plugin.
I see, thank's for the explanation. Would you give me push access to the PR to make additions?
You should already have access to the branch. I never disabled it.
Totals | |
---|---|
Change from base Build 26: | 0.0% |
Covered Lines: | 72 |
Relevant Lines: | 72 |
This looks much better now.
@GrahamCampbell Thank's again for the heads-up! I published the changes in a new major release.
Could you elaborate on what env side effects you are trying to remove?
Environment variables may be set without a
.env
file (e.g. web server / Docker config). Thus the.env
file should only be loaded as soon as the first env variable can't be found for a given key.